ngtcp2: handle key updates as ngtcp2 master branch tells us

Reviewed-by: Tatsuhiro Tsujikawa Fixes #4612 Closes #4613
2025-02-28 17:31:46 -05:00 · 2019-11-18 10:34:26 +01:00 · 2019-11-18 10:34:26 +01:00 · a72b6b9606
commit a72b6b9606
parent d1476aa11e
2 changed files with 36 additions and 3 deletions
--- a/lib/vquic/ngtcp2.c
+++ b/lib/vquic/ngtcp2.c
@ -174,8 +174,19 @@ static int quic_set_encryption_secrets(SSL *ssl,
         tx_secret, secretlen, NGTCP2_CRYPTO_SIDE_CLIENT) != 0)
    return 0;
-  if(level == NGTCP2_CRYPTO_LEVEL_APP && init_ngh3_conn(qs) != CURLE_OK)
+  if(level == NGTCP2_CRYPTO_LEVEL_APP) {
-    return 0;
+    if(init_ngh3_conn(qs) != CURLE_OK)
      return 0;
    /* malloc an area big enough for both secrets */
    qs->rx_secret = malloc(secretlen * 2);
    if(!qs->rx_secret)
      return 0;
    memcpy(qs->rx_secret, rx_secret, secretlen);
    memcpy(&qs->rx_secret[secretlen], tx_secret, secretlen);
    qs->tx_secret = &qs->rx_secret[secretlen];
    qs->rx_secretlen = secretlen;
  }
  return 1;
 }
@ -503,6 +514,25 @@ static int cb_get_new_connection_id(ngtcp2_conn *tconn, ngtcp2_cid *cid,
  return 0;
 }
 static int cb_update_key(ngtcp2_conn *tconn, uint8_t *rx_key,
                         uint8_t *rx_iv, uint8_t *tx_key,
                         uint8_t *tx_iv, void *user_data)
 {
  struct quicsocket *qs = (struct quicsocket *)user_data;
  uint8_t rx_secret[64];
  uint8_t tx_secret[64];
  if(ngtcp2_crypto_update_key(tconn, rx_secret, tx_secret,
                              rx_key, rx_iv, tx_key, tx_iv, qs->rx_secret,
                              qs->tx_secret, qs->rx_secretlen) != 0)
    return NGTCP2_ERR_CALLBACK_FAILURE;
  /* store the updated secrets */
  memcpy(qs->rx_secret, rx_secret, qs->rx_secretlen);
  memcpy(qs->tx_secret, tx_secret, qs->rx_secretlen);
  return 0;
 }
 static ngtcp2_conn_callbacks ng_callbacks = {
  cb_initial,
  NULL, /* recv_client_initial */
@ -524,7 +554,7 @@ static ngtcp2_conn_callbacks ng_callbacks = {
  NULL, /* rand  */
  cb_get_new_connection_id,
  NULL, /* remove_connection_id */
-  NULL, /* update_key */
+  cb_update_key, /* update_key */
  NULL, /* path_validation */
  NULL, /* select_preferred_addr */
  cb_stream_reset,
--- a/lib/vquic/ngtcp2.h
+++ b/lib/vquic/ngtcp2.h
@ -46,6 +46,9 @@ struct quicsocket {
  ngtcp2_settings settings;
  SSL_CTX *sslctx;
  SSL *ssl;
  uint8_t *rx_secret; /* malloced */
  uint8_t *tx_secret; /* points into the above buffer */
  size_t rx_secretlen;
  struct quic_handshake client_crypto_data[3];
  /* the last TLS alert description generated by the local endpoint */
  uint8_t tls_alert;